From c26464eb59b71b40bea11b4829b2a848343081f2 Mon Sep 17 00:00:00 2001 From: Thore Sommer Date: Sat, 8 Oct 2022 21:29:18 +0300 Subject: [PATCH 7/9] tpm2_eventlog_yaml: fix parsing for MokListTrusted Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean encoded as an integer similar to SecureBoot variable. Fixes #3050 Signed-off-by: Thore Sommer --- lib/tpm2_eventlog_yaml.c | 60 +++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 19 deletions(-) diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c index 66a20701..0b1d0318 100644 --- a/lib/tpm2_eventlog_yaml.c +++ b/lib/tpm2_eventlog_yaml.c @@ -418,27 +418,49 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type, } return true; } - /* Other variables will be printed as a hex string */ } else if (type == EV_EFI_VARIABLE_AUTHORITY) { - free(ret); - tpm2_tool_output(" VariableData:\n"); - - EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[ - data->UnicodeNameLength]; - char *sdata = calloc (1, - BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID))); - if (sdata == NULL) { - LOG_ERR("Failled to allocate data: %s\n", strerror(errno)); - return false; + /* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/ + if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) { + free(ret); + tpm2_tool_output(" VariableData:\n" + " Enabled: "); + if (data->VariableDataLength == 0) { + tpm2_tool_output("'No'\n"); + } else if (data->VariableDataLength > 1) { + LOG_ERR("MokListTrusted value length %" PRIu64 " is unexpectedly > 1\n", + data->VariableDataLength); + return false; + } else { + uint8_t *variable_data = (uint8_t *)&data->UnicodeName[ + data->UnicodeNameLength]; + if (*variable_data == 0) { + tpm2_tool_output("'No'\n"); + } else { + tpm2_tool_output("'Yes'\n"); + } + } + return true; + } else { + /* Other variables will be printed as a hex string */ + free(ret); + tpm2_tool_output(" VariableData:\n"); + EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[ + data->UnicodeNameLength]; + char *sdata = calloc (1, + BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID))); + if (sdata == NULL) { + LOG_ERR("Failled to allocate data: %s\n", strerror(errno)); + return false; + } + bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID), + sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID))); + guid_unparse_lower(s->SignatureOwner, uuidstr); + tpm2_tool_output(" - SignatureOwner: %s\n" + " SignatureData: %s\n", + uuidstr, sdata); + free(sdata); + return true; } - bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID), - sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID))); - guid_unparse_lower(s->SignatureOwner, uuidstr); - tpm2_tool_output(" - SignatureOwner: %s\n" - " SignatureData: %s\n", - uuidstr, sdata); - free(sdata); - return true; } else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) { if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) { free(ret); -- 2.37.3